Bug #6020
panic in smbsrv netbios_first_level_name_decode
Start date:
2015-06-21
Due date:
% Done:
100%
Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:
Description
Kernel panic seen occasionally "in the wild":
BAD TRAP: type=e (#pf Page fault) rp=ffffff003d137840 addr=ffffff0c3e2f3000 ffffff003d137840 unix:cmntrap+e6 () ffffff003d137960 smbsrv:netbios_first_level_name_decode+bb () ffffff003d137aa0 smbsrv:netbios_name_isvalid+2f () ffffff003d137b40 smbsrv:smb_session_request+cb () ffffff003d137b80 smbsrv:smb_session_receiver+3e () ffffff003d137bb0 smbsrv:smb_server_receiver+28 () ffffff003d137c40 genunix:taskq_d_thread+b1 () ffffff003d137c50 unix:thread_start+8 ()
Updated by Gordon Ross over 5 years ago
The decoding of the "scope" field is not sufficiently careful about lengths boundary checks etc.
We didn't want to support NetBIOS scopes, so I just removed that code.
Updated by Electric Monk over 5 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
git commit b3988cf65491efce7a0df7b735c586e4e12714f0
commit b3988cf65491efce7a0df7b735c586e4e12714f0
Author: Gordon Ross <gwr@nexenta.com>
Date: 2015-10-04T15:58:42.000Z
6020 panic in smbsrv netbios_first_level_name_decode
Reviewed by: Alek Pinchuk <alek.pinchuk@nexenta.com>
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Paul Nenaber <paul.nienaber@nexenta.com>
Reviewed by: Andy Stormont <astormont@racktopsystems.com>
Reviewed by: Dan McDonald <danmcd@omniti.com>
Approved by: Garrett D'Amore <garrett@damore.org>